[−][src]Module pachyderm::auth
Modules
api_client | Generated client implementations. |
auth_config | |
id_provider | |
token_info |
Structs
Acl | |
AclEntry | |
ActivateRequest | ActivateRequest mirrors AuthenticateRequest. The caller is authenticated via GitHub OAuth, and then promoted to the cluster's first Admin. Afterwards, the caller can promote other users to Admin and remove themselves |
ActivateResponse | |
AuthConfig | Configure Pachyderm's auth system (particularly authentication backends |
AuthenticateRequest | Exactly one of 'github_token', 'oidc_state', or 'one_time_password' must be set: |
AuthenticateResponse | |
AuthorizeRequest | |
AuthorizeResponse | |
ClusterRoles | ClusterRoles reflects any cluster-wide permissions a principal has. A principal can have multiple cluster roles. |
DeactivateRequest | |
DeactivateResponse | |
ExtendAuthTokenRequest | |
ExtendAuthTokenResponse | |
GetAclRequest | |
GetAclResponse | GetACLReponse contains the list of entries on a Pachyderm ACL. |
GetAdminsRequest | Deprecated. Get the list of cluster super admins. |
GetAdminsResponse | |
GetAuthTokenRequest | |
GetAuthTokenResponse | |
GetClusterRoleBindingsRequest | Get the current set of principals and roles for the cluster |
GetClusterRoleBindingsResponse | |
GetConfigurationRequest | |
GetConfigurationResponse | |
GetGroupsRequest | |
GetGroupsResponse | |
GetOidcLoginRequest | |
GetOidcLoginResponse | |
GetOneTimePasswordRequest | GetOneTimePassword allows users to generate short-lived (~30s) tokens that can be passed to Authenticate() (via AuthenticateRequest.one_time_password) and exchanged for a longer-lived pachyderm token. This is more secure than GetAuthToken, which produces long-lived authorization tokens. |
GetOneTimePasswordResponse | |
GetScopeRequest | |
GetScopeResponse | |
GetUsersRequest | |
GetUsersResponse | |
Groups | |
IdProvider | IDProvider configures a single ID provider that can authenticate Pachyderm users |
ModifyAdminsRequest | Deprecated. Add and remove users from the set of cluster super admins. |
ModifyAdminsResponse | |
ModifyClusterRoleBindingRequest | Set cluster roles for the specified principal. Setting an empty list of roles revokes any roles the principal has. |
ModifyClusterRoleBindingResponse | |
ModifyMembersRequest | |
ModifyMembersResponse | |
OtpInfo | OTPInfo is the analogue of 'TokenInfo' for Authentication Codes (short-lived, one-time-use codes that are passed to the frontend and then exchanged for longer-lived tokens) |
RevokeAuthTokenRequest | |
RevokeAuthTokenResponse | |
SessionInfo | SessionInfo stores information associated with one OIDC authentication session (i.e. a single instance of a single user logging in). Sessions are short-lived and stored in the 'oidc-authns' collection, keyed by the OIDC 'state' token (30-character CSPRNG-generated string). 'GetOIDCLogin' generates and inserts entries, then /authorization-code/callback retrieves an access token from the ID provider and uses it to retrive the caller's email and store it in 'email', and finally Authorize() returns a Pachyderm token identified with that email address as a subject in Pachyderm. |
SetAclRequest | |
SetAclResponse | |
SetConfigurationRequest | |
SetConfigurationResponse | |
SetGroupsForUserRequest | |
SetGroupsForUserResponse | |
SetScopeRequest | |
SetScopeResponse | |
TokenInfo | TokenInfo is the 'value' of an auth token 'key' in the 'tokens' collection |
Users | |
WhoAmIRequest | |
WhoAmIResponse |
Enums
ClusterRole | |
Scope | Scope (actually a "role" in canonical security nomenclature) represents a rough level of access that a principal has to a repo |